Unix sockets connection authentication - patch

[apologies if this appears twice; I thought I had sent it but it hasn't
appeared anywhere]
The attached patch implements a method of connection authentication for
Unix sockets that support SCM_CREDENTIALS. This includes Linux kernels
2.2 and 2.4 at least; I don't know what other implementations support
it.

Since it is not universally supported, I have included a configure test.
autoconf needs to be run after installing the patch.

This patch provides a new authentication method "peer" for use with
"local" connections; otherwise it works exactly like the "ident" method.

Please consider including this in PostgreSQL.

Oliver Elphick writes:

> Since it is not universally supported, I have included a configure test.
> autoconf needs to be run after installing the patch.

You don't need Autoconf tests for cpp symbols. You can just write #ifdef
WEIRD_SYMBOL in the code.

Btw., never ever use AC_EGREP_*.

--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter

> [apologies if this appears twice; I thought I had sent it but it hasn't
> appeared anywhere]
> The attached patch implements a method of connection authentication for
> Unix sockets that support SCM_CREDENTIALS. This includes Linux kernels
> 2.2 and 2.4 at least; I don't know what other implementations support
> it.

Are SCM_CREDENTIALS supported by some standard?

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026

Not sure what to do with this. Our authentication options are already
pretty complicated, and I hate to add a new one that no one is really
sure about its portability or usefulness.

> [apologies if this appears twice; I thought I had sent it but it hasn't
> appeared anywhere]
> The attached patch implements a method of connection authentication for
> Unix sockets that support SCM_CREDENTIALS. This includes Linux kernels
> 2.2 and 2.4 at least; I don't know what other implementations support
> it.
>
> Since it is not universally supported, I have included a configure test.
> autoconf needs to be run after installing the patch.
>
> This patch provides a new authentication method "peer" for use with
> "local" connections; otherwise it works exactly like the "ident" method.
>
> Please consider including this in PostgreSQL.
>

Content-Description: p.diff

[ Attachment, skipping... ]

> Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
> Isle of Wight http://www.lfix.co.uk/oliver
> PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
> GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
> ========================================
> "Rejoice with them that do rejoice, and weep with them
> that weep." Romans 12:15

>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo(at)postgresql(dot)org

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026